Embodiments of the present invention relate to Internet Protocol (IP) network communications and, more specifically, to techniques for domain name system (DNS) resolution.
On an Internet Protocol (IP) network, each participating device is identified by an Internet Protocol address (IP address). For Internet Protocol Version 4 (IPv4), the IP address is a 32-bit number. For Internet Protocol Version 6 (IPv6), the IP address is a 128-bit number. Additionally, computers or devices connected to the Internet or a private IP network can be assigned human-friendly hostnames. The Domain Name System (DNS) is a distributed naming system for computers, devices or other resources connected to the Internet or a private IP network. DNS translates, among other things, hostnames into corresponding IP addresses via a process called DNS resolution. When a user accesses content on a host, for example, by entering a URL (uniform resource locator) into the address bar of a web browser, the user's computer or device first resolves the IP address(es) of the destination host by querying a DNS name server, then starts the communication using the received IP address(es).
With the proliferation of the World Wide Web, various malicious or otherwise undesirable material has come into existence, such as malware, fraud, information theft, identity theft, pornography, hate messages, etc. To mitigate the danger of exposure to such material, some DNS services block access to it by redirecting the user to an alternate IP address where a warning message may be posted, instead of sending the user to the true IP address, where malicious content might be hosted. Some examples of such services are OpenDNS and Norton ConnectSafe.
In some situations, it is necessary to provide protective services such as those provided by OpenDNS and Norton ConnectSafe to one group of users, while at the same time allowing access to the original content for another user group. For example, in a home network, kids may be blocked from adult-themed content but adults may be allowed. In a company network, normal users may be blocked from malware, phishing sites and scam sites, while security researchers may be allowed so that they can analyze the material and conduct risk assessment.
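The per-group behavior described above can be sketched as follows. This is an added illustration, not the method of the described embodiments. It assumes clients are identified by source address; the group names, networks, hostnames and addresses are all constructed (documentation ranges and the reserved .example domain).

```python
import ipaddress

# Constructed sample data (assumptions): documentation ranges, reserved .example names.
BLOCK_PAGE_IP = "192.0.2.1"           # hypothetical warning-page address
UPSTREAM = {                          # stand-in for real upstream resolution
    "news.example": "198.51.100.10",
    "malware.example": "198.51.100.66",
    "cdn.malware.example": "198.51.100.67",
    "phish.example": "198.51.100.77",
    "notmalware.example": "198.51.100.20",
}
CATEGORIES = {"malware.example": "malware", "phish.example": "phishing"}
GROUPS = [                            # (client network, group name)
    (ipaddress.ip_network("10.0.0.0/16"), "staff"),
    (ipaddress.ip_network("10.0.5.0/24"), "researchers"),
]
BLOCKED = {                           # categories each group may not reach
    "staff": {"malware", "phishing"},
    "researchers": set(),
}
DEFAULT_GROUP = "staff"               # unknown clients get the strictest policy


def group_for(client_ip):
    """Pick the group whose network is the longest-prefix match for the client."""
    addr = ipaddress.ip_address(client_ip)
    matches = [(net.prefixlen, name) for net, name in GROUPS if addr in net]
    return max(matches)[1] if matches else DEFAULT_GROUP


def category_of(qname):
    """Match the name or any parent domain, on label boundaries only."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        cat = CATEGORIES.get(".".join(labels[i:]))
        if cat:
            return cat
    return None


def resolve(client_ip, qname):
    """Return the block-page address if the client's group forbids the category."""
    if category_of(qname) in BLOCKED[group_for(client_ip)]:
        return BLOCK_PAGE_IP
    return UPSTREAM.get(qname.rstrip(".").lower())
```

Matching on label boundaries keeps `notmalware.example` from being treated as a subdomain of `malware.example`, and falling back to the strictest group avoids granting the researchers' view to a client that no network entry covers.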